All tenant admins locked due to Require phishing-resistant multifactor authentication for admins CA

Question

Hello there.

All admin accounts are locked out of the admin portals due to the CA policy that enforces Phish resistance MFA 

To confirm to you is that no GA account is able to access any admin portal on the tenant. 

What we are requesting is to turn off the conditional access policy that enforces Phish resistance required until all the configurations are in place.  Restoring access is business-critical, as we are currently unable to manage or reactivate a Microsoft 365 subscription without Administrator privileges. 

I will appreciate your assistance. Thanks

Answer 1

Gilbert Ngetich

Thank you for reaching out to Microsoft Q&A.

I understand All tenant admins locked due to Require phishing-resistant multifactor authentication for admins CA.

In this case, if there is another global administrator from your tenant, they can help you to reregister your MFA.

Admin has to perform below steps to reset your MFA so that you can re-register for authenticator app.

• Admin has to login to Azure portal and access Microsoft Entra ID.
• Once done they have to go to user's blade on the left.
• Click on the user account which is unable to login to Azure portal.
• Click on Authentication methods and click on “Require re-register multifactor authentication”.
• Now when you try to login to Azure, it will prompt you to register for MFA again.

If you are not aware of another global administrator or you are the only global admin in your tenant, please let us know. We will guide you further.

Since you mentioned that you are the only Global Admin in the tenant, this qualifies as a tenant lockout scenario. To resolve this, we need to engage the Data Protection team via a support ticket to unblock your access.

To proceed, I will need a few details from you. As this information contains Personally Identifiable Information (PII), please share the following details via private message only:

Thanks